Basic Steps to integrate Linux LDAP client with AD....kerberos and SASL issues/confusion

Bill Pappas bill.pappas at STJUDE.ORG
Sat Jul 24 15:02:31 EDT 2004


On Thu, 2004-07-22 at 13:59, Bill Pappas wrote:
> Hello.  Is there a complete set of instructions for using MIT kerberos
> with SASL and Active Directory?
> 
> I want to authenticate using kerberos.  I want to be able to search the
> LDAP server using an encrypted password when I binddn.  I can do
> searches in clear text, but this is not suitable.
> 
> But in the end, I really want to extend AD (via MS Services for Unix
> which would extend the AD schema for NIS mapping) and modify my ldap
> client (via nss and pam libraries) to use a common userid for all
> platforms.  Upon modifying the client, for example, I could ssh or even
> log on the console of the client with my AD user.  If I were to type (on
> the client) getent passwd | grep username, I'd get the sanAccount name,
> a unix UID/GID which was assigned via SFS's extending the AD schema.
> 
> My problem is finding a clear procedure that is up to date and
> complete.  I'm clueless on how SASL interacts with Kerberos (if it
> does).  
> 
> Any help would be appreciated.
> 
> 
> 
> LDAP Client:
> RedHat AS 3.0
> openldap-2.2.13
> MIT krb5-1.3.4
> cyrus-sasl-plain-2.1.15-3
> cyrus-sasl-md5-2.1.15-3
> cyrus-sasl-gssapi-2.1.15-3
> cyrus-sasl-2.1.15-3
> cyrus-sasl-devel-2.1.15-3
> 
> LDAP Server:
> Active Directory (loosely based on LDAP) Windows 2000
> 
-- 
Thanks,

Bill Pappas
Systems Integration Engineer
St. Jude Children's Research Hospital
Department: Hartwell Center
Phone: 901.495.4549
Fax: 901.495.2945


